Search

The Spam Auditor Blog: The information nexus for the anti-spam community.

Known Sender Forgery Protection – Anti Phishing

Information Details

Normally, the reason you have reached this page is because a mail server has sent you a message when it rejected an email from you, or one of your users.

If you are an email or network operator, you can continue reading this section

If you are a user sending email and it got blocked, you should read this section instead

Information for Email and Network Operators

Everyone knows that in SMTP and Email in general one can configure most any email address to be used as a ‘From’ argument. What do you do to detect cases where the sender is pretending to be someone else though? There are several methods that have mixed adoption rates in use. SPF records is a common method for a domain owner to tell the world what servers are permitted to send email on behalf of your domain. DKIM is a method in which individual messages are ‘signed’ with special header signatures to ‘sign’ the message as valid for the sender domain. DMARC is a method intended to tie the two together in a cohesive whole as to what action to take when messages are received from a domain without being authorized via one of these methods. The unfortunate side effect of these checks is that there is additional overhead required for DNS lookups – and in several cases DNS lookups may need to traverse a large number of recursive trees in order to complete.

Known Sender Forgery Protection is a different method in which DNS lookups are not required. This approach is a simple method in which only the most often abused / forged domains are detected and validated as coming from authorized to send sources. The net effect is to stop the peskiest cases – be it fake bank statements, viral loaded ‘delivery’ notifications, or even forged newsletters from your favorite online music site.

WARNING: if you are using pre-filtering 3rd party services, or delivery relays in front of your server, then you will want to disable this check as it could result in false positive hits.

Information for users. Why was my email blocked?

If your email was blocked, and the link sent you here it is probably because the email address you are attempting to send from and the server you are attempting to send through is not on the approved list for the domain in question. To resolve this, you will need to update your Email Client settings to use your domain, or the domain of the ISP your email is serviced by.

Normally, this rule will only block spammers and hackers.

Please check with the administrator of your outbound email server, or ISP for more information.